What is our primary use case?
We use Nessus Scanner for internal and external penetration testing activities. The tool is very useful in internal penetration testing activities, but it requires regular updating of the patches, which requires certain memory and RAM space on the installed server.
How has it helped my organization?
In order to finish a project, a pentester in our company has, on average, five days, including documentation. Without this tool, just the testing would take five days. By using Nessus, we are able to finish testing with assured results in half the time.
What is most valuable?
Nessus scanner is very effective for internal penetration testing.
What needs improvement?
I feel that in certain areas this product has false positives, which the company should work on.
They should also try to include business logic vulnerabilities in the scanner testing.
Finally, the vulnerability assessment feature should be increased to other hardware devices, apart from firewalls.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
The product we use in our office under different environments is highly stable.
What do I think about the scalability of the solution?
This product is designed for easy scalability and can scale up without major challenges.
How is customer service and technical support?
We experienced very quick customer support. They had a complete list of our previous issues along with our history which made it faster for us to solve the issues.
How was the initial setup?
It's a straightforward implementation. Once you receive the key, you need to enter the PIN number and, through the internet, it automatically detects the version and internet. It downloads packages seamlessly. One point to note here is that once the license is over, you can only access the completed files but you cannot initiate new scans.
What's my experience with pricing, setup cost, and licensing?
It's best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders.
Which other solutions did I evaluate?
Qualys box, but it is bulky and difficult to carry everywhere. The benefit with Nessus is that it is in software format.
What other advice do I have?
Try the Home edition of the product to understand the scanner settings. Note that packages are pushed for Home edition after seven days, whereas in the Professional version the packages are released on the same day of vulnerability declaration.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Apr 08 2018